Author: PinkNoize
- Glibc version used by a process
- Address of 1 or more glibc functions
- Get the addresses of some glibc functions
  You can get these addresses however you want. Some examples include debug statements or an arbitrary memory read to read the addresses out of the .got.plt section.
- Compare the addresses to known glibc address offsets
  You should not do this manually. Use a tool like libc-database. The online version is at https://libc.rip/.
This technique is useful when you are given a challenge without its glibc ELF and exploitation would be simpler with that ELF in hand. It can be combined with one_gadget to speed up the creation of shell-dropping ROP chains.
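The comparison step works because a shared library is mapped on a page boundary, so each leaked address minus the symbol's offset must give the same page-aligned base. The sketch below is an added example, not code from libc-database or from the author; the build names, offsets and leaked addresses are constructed, and it shows why a second leaked symbol removes ambiguity.

```python
# Added illustration: the build names and offsets below are constructed,
# not taken from real glibc builds or from libc-database.
PAGE_MASK = 0xFFF  # shared objects are mapped page-aligned (4 KiB pages assumed)

KNOWN_BUILDS = {
    "example-build-A": {"puts": 0x80E50, "printf": 0x606F0},
    "example-build-B": {"puts": 0x84420, "printf": 0x61C90},
    "example-build-C": {"puts": 0x80E50, "printf": 0x60770},
}


def implied_base(leaks, offsets):
    """Return the load base these leaks imply for one build, or None."""
    bases = set()
    for name, addr in leaks.items():
        if name not in offsets:
            return None  # build does not export the leaked symbol
        bases.add(addr - offsets[name])
    if len(bases) != 1:
        return None  # symbols disagree about where the library is loaded
    base = bases.pop()
    if base < 0 or base & PAGE_MASK:
        return None  # a real mapping starts on a page boundary
    return base


def matching_builds(leaks, builds=KNOWN_BUILDS):
    """Names of builds whose symbol offsets are consistent with the leaks."""
    return sorted(name for name, offs in builds.items()
                  if implied_base(leaks, offs) is not None)


if __name__ == "__main__":
    one_leak = {"puts": 0x7F3C1A280E50}                 # constructed address
    two_leaks = {**one_leak, "printf": 0x7F3C1A2606F0}  # constructed address
    print(matching_builds(one_leak))   # builds A and C share this puts offset
    print(matching_builds(two_leaks))  # printf separates them
```

With a single leaked symbol, two of the constructed builds remain candidates; adding the second symbol leaves one.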